Expand description
Rule + pack evaluator.
Direct port of the Python reference:
_get_dotpath, _match_action, _eval_rego_subset, _eval_rego_allowlist,
_eval_jsonlogic, evaluate_rule, evaluate_packs.
Semantics are documented in policy-pack-format.md section “Evaluation
semantics”: any DENY wins, else WARN, else ALLOW.
Structs§
- Decision
Result - Aggregate result returned by
evaluate_packs.
Enums§
Functions§
- eval_
jsonlogic - Minimal JSONLogic — supports the SINGLE pattern shipped in
rate-limit.json: - eval_
rego_ allowlist - Rego allowlist pattern (used by
tool-allowlist.json). - eval_
rego_ subset - Minimal Rego subset — supports the SINGLE pattern shipped in the example PII pack:
- evaluate_
packs - Run an action through every loaded pack in pack-load order.
- evaluate_
rule - Evaluate a single rule. Returns
(decision, deny_reason). - get_
dotpath - Walk a dot-path through nested JSON objects.
- match_
action - Does the rule’s
match.actioncover the inbound action?